TestRail Cloud now 100% based on Amazon AWS with full compliance

All new TestRail Cloud accounts are now 100% based on our new
Amazon AWS backed infrastructure, following many industry best practices
and using Amazon's fully compliant and certified systems.

All our systems are designed with pro-active failover across
multiple data centers in the US, while complying with the strict
EU data protection rules guaranteed under Amazon's Safe Harbor
compliance.

Amazon AWS has certified their infrastructure and/or is compliant
with many industry standard policies under the AWS Assurance Program
such as ISO, PCI DSS, SOC,
FIPS and MPPA.

Amazon AWS Assurance Program

Recent Amazon compliances under their AWS Assurance Program. Please note that
the above-listed certifications apply to the AWS infrastructure only and don't
necessarily extend to applications such as TestRail using it. For up-to-date
details, visit the AWS Assurance Program website.

What we're doing to keep your data and our infrastructure
safe and to ensure fast and effective responses to security issues.

Methodology

The security and safety of customer data, our applications and the supporting
infrastructure is our top priority. We achieve a high level of security by
following many industry best practices and regularly reviewing and improving
our security policies and processes.

Our staff is trained and briefed to ensure that our security policy is
executed thoroughly across all disciplines and teams, including customer service, our
software development team as well as infrastructure operations.

Physical Security

Our servers are hosted exclusively at professionally maintained and secured
facilities from leading data center providers. All facilities feature
various physical security mechanisms such as electronic access control systems,
24/7 monitoring of entrances, server rooms and vehicle access roads, as well
as modern fire detection and UPS systems.

Vulnerability Management

Our applications and the supporting infrastructure are frequently reviewed
for potential security issues.

Network Security

Our network is protected by redundant firewalls and load balancers.
Our data center providers employ additional, constant performance and security
monitoring of the infrastructure we use. We monitor all systems 24/7 for
availability and performance-related incidents to pro-actively troubleshoot
and resolve issues. Many of our servers and much of our network equipment are
designed redundantly with automatic active failover.

Transmission Security

All communications with TestRail cloud instances or our customer portal are
encrypted using industry standard SSL and HTTPS. For email, our infrastructure
supports TLS, a protocol that encrypts and delivers email securely between
servers. The TestRail server edition also supports SSL for the application as
well as email delivery. The use of SSL is also supported and encouraged for
integrations with third-party systems.

Access Control

All access to data within TestRail is governed by access rights and
user authentication. Operations and customer service policies follow
many industry best practices to limit access to customer data. Additionally,
customers can restrict access to TestRail users based on various permissions,
roles and network addresses.

Application Security

Our applications feature robust security mechanisms and use or support
encrypted storage of select data as well as backups and hashed passwords
if applicable.

Development Practices

Our teams follow many industry best practices to achieve a high level of
security in our code and infrastructure. To ensure a high code quality,
we employ regular code reviews, track changes rigorously and
train team members on common relevant attack vectors. We also maintain
our own secure framework as part of our stack to
limit third-party dependencies and to manage critical code
in a central place.

Data Isolation

We isolate customer data for TestRail server and cloud instances by
using separate databases and user access for each customer. This and additional
mechanisms ensure protection of sensitive customer information on the database level.

Privacy

We are bound to the very strict German and European data protection laws
such as the German Federal Data Protection Act. Personal information and customer
data are stored and processed only to provide and optimize our applications, services
and offerings.

Reporting Security Issues

Keeping customer data safe and our infrastructure secure is our top priority.
Your input and feedback on our security is highly appreciated. Please send urgent
and security-related requests directly to contact@gurock.com and use our public key
to encrypt your message. Please also provide us with a secure way to respond.

Disclosing Security Issues

If you have discovered a security issue that might impact our products or infrastructure,
please let us know. We will acknowledge your report, provide a way to track the issue
and start investigating the problem immediately. Once the issue has been resolved we'll post a
security update along with credits if applicable.

Please do not publicly disclose any problems without coordinating with us, so
we can ensure that all customer accounts and instances have been secured first.
We answer all requests within one business day. Please ping us on Twitter
or call us in case there are communication problems.